From 719408745786159cb0471477e015e155c14935b6 Mon Sep 17 00:00:00 2001 From: Vadim Yanitskiy Date: Sun, 26 May 2019 00:49:57 +0700 Subject: gsm48_decode_bcd_number2(): fix: return -ENOSPC on truncation The documentation of gsm48_decode_bcd_number2() clearly states that the output truncation is a erroneous case, so it should actually return negative in such cases. Let's return -ENOSPC. Change-Id: I75680f232001ba419a587fed4c24f32c70c3ad2b --- src/gsm/gsm48_ie.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/gsm/gsm48_ie.c b/src/gsm/gsm48_ie.c index 48d0d379..311836d3 100644 --- a/src/gsm/gsm48_ie.c +++ b/src/gsm/gsm48_ie.c @@ -66,9 +66,15 @@ int gsm48_decode_bcd_number(char *output, int output_len, * \param[in] bcd_lv Length-Value part of to-be-decoded IE. * \param[in] input_len Size of the bcd_lv buffer for bounds checking. * \param[in] h_len Length of an optional header between L and V parts. - * \return 0 in case of success, negative on error. Errors checked: no or too little input data, no or too little - * output buffer size, IE length exceeds input data size, decoded number exceeds size of the output buffer. The output - * is guaranteed to be nul terminated iff output_len > 0. + * \return 0 in case of success, negative on error. + * + * Errors checked: + * - no or too little input data (-EIO), + * - IE length exceeds input data size (-EIO), + * - no or too little output buffer size (-ENOSPC), + * - decoded number exceeds size of the output buffer (-ENOSPC). + * + * The output is guaranteed to be nul terminated iff output_len > 0. */ int gsm48_decode_bcd_number2(char *output, size_t output_len, const uint8_t *bcd_lv, size_t input_len, @@ -102,6 +108,10 @@ int gsm48_decode_bcd_number2(char *output, size_t output_len, if (output_len >= 1) *output++ = '\0'; + /* Indicate whether the output was truncated */ + if (i < in_len) + return -ENOSPC; + return 0; } -- cgit v1.2.3